Software developers often use their own customized tools to automatically sign their code. For example, developers may use a combination of make files and code-signing tools (e.g., jarsigner) to automatically build and sign code for testing or other non-commercial purposes using a self-signed certificate. However, when a developer wants to sign their code with a production certificate (which may be used for commercial sale or formal distribution), they need to obtain certificates provided by a trusted Certificate Authority (CA). Some CAs may provide code-signing services that allow developers to upload their code to a code-signing server, where it is then signed with a certificate from the CA and sent back to the developer. While this may simplify the process needed to obtain software signed with a publically trusted CA's certificate, it may generally require that the developer sign into a web portal using a web browser and then upload the code to a code-signing server. In addition, this solution may inadequately address the needs of large build-room environments where multiple developers are working on the same project (often continuously building and signing their software in a Continuous Integration (CI) type environment) as it may disrupt existing build processes and systems.
What is needed, therefore, is a more efficient and effective mechanism for automating cloud-based code-signing services.